AI Score
Confidence
High
EPSS
Percentile
46.3%
TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491.
mantis.testlink.org/view.php?id=8808
github.com/TestLinkOpenSourceTRMS/testlink-code/commit/cde692895e425731e6951d265a01ca6425a7c26e
github.com/TestLinkOpenSourceTRMS/testlink-code/compare/1.9.19...1.9.20